1. Field of Disclosure
Example embodiments of the present disclosure relate generally to secure master-slave communication, and more particularly to a communication system and method in which a session key is generated by both the master and slave devices for use in both encryption/decryption and slave address generation.
2. Description of the Related Art
Printing devices are known to use electronic authentication schemes associated with their consumable supply items. Typically, the replaceable supply item contains an integrated circuit chip that communicates with the controller located in the printer. In such an arrangement, the printer is configured as the host device and each supply item as a slave device. The controller in the host checks the authenticity of each slave device by sending a challenge thereto. The authenticity is verified by the host receiving from the slave device the correct response to the challenge.
In some existing consumable authentication schemes, the host and slave devices communicate over the I2C bus. The host sends commands to the slave using the slave address assigned thereto, the slave executes the commands and sends responses, as appropriate, back to the host. The commands and data are sent with no data checking.
While the communications between hosts and slaves are not encrypted, such a system utilizes a unique slave address change feature in order to make duplicating the function of the slave device more difficult. The slave address is changed on a regular basis to slave address values determined by an algorithm that is known to both the host and slave. After receiving an address change command from the host, the slave will not respond to address polls from the host until after a certain command is received on the new address. The current address is stored in non-volatile memory of both the host and slave so the current address, along with the position in the address sequence, is maintained over power cycles.
The address change feature makes cloning the integrated circuit chip of the slave device more difficult because the algorithm for computing the next slave address value utilizes the current value thereof. The problem with this feature is the host and slave can become unsynchronized in the address sequence. For example, this will happen when moving a slave supply item from one host printer to another because the second printer will not know where the slave device is in the address sequence. To overcome this, a means for resetting the sequence is provided, which substantially weakens the security of the system.
In particular, the existing system suffers from 1) a lack of data checking and correcting; 2) unencrypted communication; and 3) resettable slave address sequences.
Operation in noisy environments may cause data corruption on the bus, but the existing system does not have means for detecting or correcting these noise induced errors. This is of some importance because the supply items (slave devices) are often located within the host printer a relatively long distance from the host controller and the communications bus wires may be routed near aggressive noise sources, such as motors. Sending the commands in unencrypted form allows an attacker to learn the system's commands and data by capturing traffic between the printer controller and the supply item.
Based upon the foregoing, a need exists for an improved host-slave communication system.